Public Metadata Issuance #25
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
src/auth/authorize.rs
Outdated
| let err = nom::Err::Failure(nom::error::make_error(input, nom::error::ErrorKind::Tag)); | ||
|
|
||
| for (key, value) in key_values { | ||
| match key.to_lowercase().as_str() { | ||
| match dbg!(key).to_lowercase().as_str() { |
raphaelrobert
requested changes
Nov 21, 2023
There was a problem hiding this comment.
Thanks for the PR! I'm not very familiar with the issuance protocol, so I flagged @chris-wood for a review as well.
I commented on a few nits for now. I see this is written so that the existing API isn't touched much. I wouldn't be against bringing the two variants of public tokens closer together on the API level. This isn't even published as a crate yet, so we still have full flexibility.
| ) -> Result<(Token<Nk>, Option<Vec<u8>>), ParseError> { | ||
| let s = value.to_str().map_err(|_| ParseError::InvalidInput)?; | ||
| let mut tokens = parse_header_value(s)?; | ||
| Ok(tokens.pop().unwrap()) |
There was a problem hiding this comment.
This should return an error instead
| Ok(token) | ||
| } | ||
|
|
||
| /// Parses an `Authorization` header according to the following scheme: | ||
| /// | ||
| /// `PrivateToken token=... [extensions=...]` |
There was a problem hiding this comment.
Suggested change
| /// `PrivateToken token=... [extensions=...]` | |
| /// `PrivateToken token=... [, extensions=...]` |
src/auth/authorize.rs
Outdated
| @@ -148,6 +148,30 @@ pub fn build_authorization_header<Nk: ArrayLength<u8>>( | |||
| Ok((header_name, header_value)) | |||
| } | |||
|
|
|||
| /// Builds a `Authorize` header according to the following scheme: | |||
| /// | |||
| /// `PrivateToken token=...,extensions=...` | |||
There was a problem hiding this comment.
Suggested change
| /// `PrivateToken token=...,extensions=...` | |
| /// `PrivateToken token=..., extensions=...` |
src/auth/authorize.rs
Outdated
| extensions: &[u8], | ||
| ) -> Result<(HeaderName, HeaderValue), BuildError> { | ||
| let value = format!( | ||
| "PrivateToken token={},extensions={}", |
There was a problem hiding this comment.
Suggested change
| "PrivateToken token={},extensions={}", | |
| "PrivateToken token={}, extensions={}", |
Extensions may be used in new Privacy Pass issuance protocols to encode additional information alongside a token.
This is a variant of the Privacy Pass issuance protocol that encodes public information that is cryptographically bound to the token but visible to all parties (i.e. the metadata is cleartext). A new API for issuing public tokens has been created which is extensible in terms of the issuance protocol the client wishes to use. The basic Privacy Pass issuance protocol is implemented in terms of this generic implementation. https://datatracker.ietf.org/doc/html/draft-hendrickson-privacypass-public-metadata
cbranch
force-pushed
the
cbranch/public-metadata
branch
from
a92d382 to
52b4970
Compare
* delimit kvs with a ` ` rather than `,`. * values can be optionally surrounded with quotes * quirk: allow for URL_SAFE and URL_SAFE_NO_PAD encoding for extension values
Update to the newest revision and allow for some quirks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a variant of the Privacy Pass issuance protocol that encodes
public information that is cryptographically bound to the token but
visible to all parties (i.e. the metadata is cleartext).
The Authorisation header can receive this metadata via the extensions parameter alongside the existing token param.
A new API for issuing public tokens has been created which is extensible
in terms of the issuance protocol the client wishes to use. The basic
Privacy Pass issuance protocol is implemented in terms of this generic
implementation.
https://datatracker.ietf.org/doc/html/draft-hendrickson-privacypass-public-metadata
cc @chris-wood